From 8a4f0fcd3fc1a35c1482975114555b0fed75a1c0 Mon Sep 17 00:00:00 2001 From: Alex Groce Date: Wed, 28 Jul 2021 13:03:08 -0700 Subject: Document faster throughput configuration --- doc/fuzzing.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'doc/fuzzing.md') diff --git a/doc/fuzzing.md b/doc/fuzzing.md index 6fc9077e4c..6605749557 100644 --- a/doc/fuzzing.md +++ b/doc/fuzzing.md @@ -83,6 +83,10 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb … ``` +## Run without sanitizers for increased throughput + +Fuzzing on a harness compiled with `--with-sanitizers=address,fuzzer,undefined` is good for finding bugs. However, the very slow execution even under libFuzzer will limit the ability to find new coverage. A good approach is to perform occasional long runs without the additional bug-detectors (configure `--with-sanitizers=fuzzer`) and then merge new inputs into a corpus as described in the qa-assets repo (https://github.com/bitcoin-core/qa-assets/blob/main/.github/PULL_REQUEST_TEMPLATE.md). Patience is useful; even with improved throughput, libFuzzer may need days and 10s of millions of executions to reach deep/hard targets. + ## Reproduce a fuzzer crash reported by the CI - `cd` into the `qa-assets` directory and update it with `git pull qa-assets` -- cgit v1.2.3
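Review bot: The new "Run without sanitizers for increased throughput" section leaves implicit that inputs discovered with `--with-sanitizers=fuzzer` only cannot surface the memory-safety or undefined-behaviour bugs that the dropped detectors would catch; add a sentence after "merge new inputs into a corpus as described in the qa-assets repo" stating that the merged corpus should then be run through the `--with-sanitizers=address,fuzzer,undefined` harness so those inputs are actually checked for bugs, otherwise the faster run is read as a replacement for the sanitized one rather than a complement to it. Minor style: "bug-detectors" reads better as "bug detectors", "10s of millions" as "tens of millions", and the bare URL in parentheses could be a markdown link on the qa-assets name.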